2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
20 package org.onap.aaf.cadi.filter;
22 import java.io.IOException;
23 import java.util.ArrayList;
24 import java.util.List;
26 import java.util.TreeMap;
28 import javax.servlet.Filter;
29 import javax.servlet.FilterChain;
30 import javax.servlet.FilterConfig;
31 import javax.servlet.ServletException;
32 import javax.servlet.ServletRequest;
33 import javax.servlet.ServletResponse;
34 import javax.servlet.http.HttpServletRequest;
36 import org.onap.aaf.cadi.Access;
37 import org.onap.aaf.cadi.Access.Level;
38 import org.onap.aaf.cadi.ServletContextAccess;
39 import org.onap.aaf.cadi.config.Config;
40 import org.onap.aaf.cadi.util.Split;
43 * This filter allows one to protect APIs by enforcing access decisions based on data stored in AAF
45 * @author Instrumental(Jonathan)
47 public class CadiApiEnforcementFilter implements Filter {
// NOTE(review): this listing is lossy. Gutter numbers are fused into every line and several
// source lines (blank lines, closing braces, some statements) are absent. The comments below
// describe only what the visible lines establish; anything else is marked as an assumption.

// Maps an HTTP method to the path prefixes that doFilter forwards without a role check.
49 private Map<String,List<String>> publicPaths;
// Logging sink; doFilter writes INFO and AUDIT records through access.printf(...).
50 private Access access;
// Constructor body is not visible here; presumably it stores access and parses enforce
// the same way init(String) does. TODO confirm.
53 public CadiApiEnforcementFilter(Access access, String enforce) throws ServletException {
// Servlet lifecycle entry point: reads the Config.CADI_API_ENFORCEMENT init parameter and
// passes it to init(String).
60 public void init(FilterConfig fc) throws ServletException {
61 init(fc.getInitParameter(Config.CADI_API_ENFORCEMENT));
62 // need the Context for Logging, instantiating ClassLoader, etc
// What is done with sca after construction is not visible in this listing.
63 ServletContextAccess sca=new ServletContextAccess(fc);
// Parses the enforcement property: a ';'-separated list whose entries from index 1 onward
// are "key:value" pairs collected into publicPaths.
// Throws ServletException when the property is rejected; the exact conditions sit on lines
// that are not shown (the messages suggest "missing" and "empty").
69 private void init(final String ptypes) throws ServletException {
71 throw new ServletException("CadiApiEnforcement requires " + Config.CADI_API_ENFORCEMENT + " property");
73 String[] full = Split.splitTrim(';', ptypes);
75 throw new ServletException(Config.CADI_API_ENFORCEMENT + " property is empty");
80 publicPaths = new TreeMap<String,List<String>>();
// The loop starts at 1, so full[0] is never treated as a public-path entry.
// Presumably full[0] is the permission type used in doFilter. TODO confirm.
82 for(int i=1;i<full.length;++i) {
83 String pubArray[] = Split.split(':', full[i]);
// Only entries that split into exactly two parts are handled here. How other shapes are
// treated (for example a value that itself contains ':') is not visible. Verify that a
// malformed entry is reported and not silently dropped, since a dropped entry changes which
// paths are public.
84 if(pubArray.length==2) {
85 List<String> ls = publicPaths.get(pubArray[0]);
87 ls = new ArrayList<String>();
88 publicPaths.put(pubArray[0], ls);
// Per-request enforcement: forwards the request when the path matches a configured public
// prefix for the HTTP method, or when the caller holds the role "type|path|method".
// Otherwise it writes an AUDIT record; the response sent on denial is not visible here.
98 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain fc) throws IOException, ServletException {
// Unchecked cast: a non-HTTP ServletRequest would raise ClassCastException here.
99 HttpServletRequest hreq = (HttpServletRequest)req;
100 final String meth = hreq.getMethod();
// NOTE(review): getPathInfo() may return null, and string concatenation then yields
// contextPath + "null". The result of a concatenation is never null, and the "null" literal
// check below only matches when the context path is empty. With a non-empty context path the
// fallback is skipped and a path ending in "null" reaches the authorization decision.
// Test getPathInfo() for null before concatenating.
101 String path = hreq.getContextPath()+hreq.getPathInfo();
103 if(path == null || path.isEmpty() || "null".equals(path))
// NOTE(review): this fallback strips the context path, while the primary form above keeps it,
// so the two branches compare differently shaped paths against the same configuration.
// getRequestURI() is also not URL-decoded by the container, unlike getPathInfo(). Consider
// normalizing the path to one canonical form before any comparison.
104 path = hreq.getRequestURI().substring(hreq.getContextPath().length());
// The lookup result is stored in list, but the loop below calls publicPaths.get(meth) again.
// Any null guard for a method with no public paths is on a line that is not shown.
106 List<String> list = publicPaths.get(meth);
108 for( String p : publicPaths.get(meth)) {
// NOTE(review): this is a plain prefix match with no path-segment boundary. A configured
// prefix also exempts every longer path that merely begins with the same characters.
// Configure prefixes with a trailing '/' or match on whole segments.
109 if(path.startsWith(p)) {
// NOTE(review): getUserPrincipal() returns null for an unauthenticated request, and the next
// line follows directly in the original numbering, so no null check sits between them. A
// public API reached without a principal would fail with NullPointerException unless an
// earlier filter guarantees authentication. TODO confirm.
110 access.printf(Level.INFO, "%s accessed public API %s %s\n",
111 hreq.getUserPrincipal().getName(),
114 fc.doFilter(req, resp);
// Role string is type|path|method. The declaration of type is not visible in this listing.
// The request-derived path and method go into the permission string unmodified. Confirm that
// the role lookup treats them as opaque values and that '|' in a path cannot shift fields.
119 if(hreq.isUserInRole(type + '|'+path+'|'+meth)) {
120 access.printf(Level.INFO, "%s is allowed access to %s %s\n",
121 hreq.getUserPrincipal().getName(),
124 fc.doFilter(req, resp);
// A denial is logged at AUDIT level. The remaining format arguments are on lines that are not
// shown; presumably they are the request method and path. If so, make sure the logging sink
// neutralizes CR/LF in them so one request cannot forge extra audit lines.
126 access.printf(Level.AUDIT, "%s is denied access to %s %s\n",
127 hreq.getUserPrincipal().getName(),
// Servlet lifecycle hook; its body is not visible in this listing.
134 public void destroy() {